Establishing a secure communication connection (i.e., a secure pairing) between computing devices is critical to protecting the integrity and privacy of data transmitted between the devices over a network. Each computing device must verify the identity of the other computing device(s) to confirm, for example, that the data is being transmitted to the appropriate party (i.e., not a rogue computing device). Additionally, the data stored and/or transmitted among the computing devices may be private to a particular user or group of users (e.g., financial statements, legal documents, etc.) and, therefore, require that it is inaccessible to other users of the computing device. Accordingly, mechanisms are required to both establish secure communication connections and to authenticate the particular users of the computing devices.
A traditional means for establishing a secure pairing between computing devices is to use a trusted third party (e.g., a certificate authority or a trusted server) to authenticate the identities of the computing devices and to securely pair the computing devices by exchanging cryptographic keys (i.e., shared keys) between them. In doing so, the trusted third party acts as the root of trust and is trusted by each of the computing devices to operate securely and honestly. Alternatively, the computing devices may establish a secure communication connection by exchanging cryptographic keys over a near-field communication link. The security lies in the close proximity of the computing devices in such an embodiment.